<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
    <title>Authenticating Users in Zend Framework - Zend Framework Manual</title>

    <link href="../css/shCore.css" rel="stylesheet" type="text/css" />
    <link href="../css/shThemeDefault.css" rel="stylesheet" type="text/css" />
    <link href="../css/styles.css" media="all" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Zend Framework</h1>
<h2>Programmer's Reference Guide</h2>
<ul>
    <li><a href="../en/learning.multiuser.authentication.html">Inglês (English)</a></li>
    <li><a href="../pt-br/learning.multiuser.authentication.html">Português Brasileiro (Brazilian Portuguese)</a></li>
</ul>
<table width="100%">
    <tr valign="top">
        <td width="85%">
            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="learning.multiuser.sessions.html">Managing User Sessions In ZF</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="learning.multiuser.html">Iniciando com o Zend_Session, Zend_Auth, e Zend_Acl</a></span><br />
                        <span class="home"><a href="manual.html">Guia de Refer&ecirc;ncia do Programador</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="learning.multiuser.authorization.html">Building an Authorization System in Zend Framework</a></div>
                    </td>
                </tr>
            </table>
<hr />
<div id="learning.multiuser.authentication" class="section"><div class="info"><h1 class="title">Authenticating Users in Zend Framework</h1></div>
    

    <div class="section" id="learning.multiuser.authentication.intro"><div class="info"><h1 class="title">Introduction to Authentication</h1></div>
        

        <p class="para">
            Once a web application has been able to distinguish one user from another by
            establishing a session, web applications typically want to validate the identity
            of a user. The process of validating a consumer as being authentic is &quot;authentication.&quot;
            Authentication is made up of two distinctive parts: an identity and a set of
            credentials. It takes some variation of both presented to the application for
            processing so that it may authenticate a user.
        </p>

        <p class="para">
            While the most common pattern of authentication revolves around usernames and
            passwords, it should be stated that this is not always the case. Identities are
            not limited to usernames. In fact, any public identifier can be used: an assigned
            number, social security number, or residence address. Likewise, credentials are not
            limited to passwords. Credentials can come in the form of protected private
            information: fingerprint, eye retinal scan, passphrase, or any other obscure personal
            information.
        </p>
    </div>

    <div class="section" id="learning.multiuser.authentication.basic-usage"><div class="info"><h1 class="title">Basic Usage of Zend_Auth</h1></div>
        

        <p class="para">
            In the following example, we will be using <span class="classname">Zend_Auth</span> to
            complete what is probably the most prolific form of authentication: username and
            password from a database table. This example assumes that you have already setup your
            application using <span class="classname">Zend_Application</span>, and that inside that
            application you have configured a database connection.
        </p>

        <p class="para">
            The job of the <span class="classname">Zend_Auth</span> class is twofold. First, it should
            be able to accept an authentication adapter to use to authenticate a user. Secondly,
            after a successful authentication of a user, it should persist throughout each and
            every request that might need to know if the current user has indeed been
            authenticated. To persist this data, <span class="classname">Zend_Auth</span> consumes
            <span class="classname">Zend_Session_Namespace</span>, but you will generally never need
            to interact with this session object.
        </p>

        <p class="para">
            Lets assume we have the following database table setup:
        </p>

        <pre class="programlisting brush: php">
CREATE TABLE users (
    id INTEGER  NOT NULL PRIMARY KEY,
    username VARCHAR(50) UNIQUE NOT NULL,
    password VARCHAR(32) NULL,
    password_salt VARCHAR(32) NULL,
    real_name VARCHAR(150) NULL
)
</pre>


        <p class="para">
            The above demonstrates a user table that includes a username, password, and also a
            password salt column. This salt column is used as part of a technique called salting
            that would improve the security of your database of information against brute force
            attacks targeting the algorithm of your password hashing. <a href="http://en.wikipedia.org/wiki/Salting_%28cryptography%29" class="link external">&raquo; More
                information</a> on salting.
        </p>

        <p class="para">
            For this implementation, we must first make a simple form that we can utilized as
            the &quot;login form&quot;. We will use <span class="classname">Zend_Form</span> to accomplish this.
        </p>

        <pre class="programlisting brush: php">
// located at application/forms/Auth/Login.php

class Default_Form_Auth_Login extends Zend_Form
{
    public function init()
    {
        $this-&gt;setMethod(&#039;post&#039;);

        $this-&gt;addElement(
            &#039;text&#039;, &#039;username&#039;, array(
                &#039;label&#039; =&gt; &#039;Username:&#039;,
                &#039;required&#039; =&gt; true,
                &#039;filters&#039;    =&gt; array(&#039;StringTrim&#039;),
            ));

        $this-&gt;addElement(&#039;password&#039;, &#039;password&#039;, array(
            &#039;label&#039; =&gt; &#039;Password:&#039;,
            &#039;required&#039; =&gt; true,
            ));

        $this-&gt;addElement(&#039;submit&#039;, &#039;submit&#039;, array(
            &#039;ignore&#039;   =&gt; true,
            &#039;label&#039;    =&gt; &#039;Login&#039;,
            ));

    }
}
</pre>


        <p class="para">
            With the above form, we can now go about creating our login action for
            our authentication controller. This controller will be called
            &quot;<span class="classname">AuthController</span>&quot;, and will be located at
            <var class="filename">application/controllers/AuthController.php</var>. It will have a
            single method called &quot; <span class="methodname">loginAction()</span>&quot; which will serve as the
            self-posting action. In other words, regardless of the url was POSTed to or GETed
            to, this method will handle the logic.
        </p>

        <p class="para">
            The following code will demonstrate how to construct the proper adapter, integrate it
            with the form:
        </p>

        <pre class="programlisting brush: php">
class AuthController extends Zend_Controller_Action
{

    public function loginAction()
    {
        $db = $this-&gt;_getParam(&#039;db&#039;);

        $loginForm = new Default_Form_Auth_Login();

        if ($loginForm-&gt;isValid($_POST)) {

            $adapter = new Zend_Auth_Adapter_DbTable(
                $db,
                &#039;users&#039;,
                &#039;username&#039;,
                &#039;password&#039;,
                &#039;MD5(CONCAT(?, password_salt))&#039;
                );

            $adapter-&gt;setIdentity($loginForm-&gt;getValue(&#039;username&#039;));
            $adapter-&gt;setCredential($loginForm-&gt;getValue(&#039;password&#039;));

            $auth   = Zend_Auth::getInstance(); 
            $result = $auth-&gt;authenticate($adapter);

            if ($result-&gt;isValid()) {
                $this-&gt;_helper-&gt;FlashMessenger(&#039;Successful Login&#039;);
                $this-&gt;_redirect(&#039;/&#039;);
                return;
            }

        }

        $this-&gt;view-&gt;loginForm = $loginForm;

    }

}
</pre>


        <p class="para">
            The corresponding view script is quite simple for this action. It will set the current
            url since this form is self processing, and it will display the form. This view script
            is located at <var class="filename">application/views/scripts/auth/login.phtml</var>:
        </p>

        <pre class="programlisting brush: php">
$this-&gt;form-&gt;setAction($this-&gt;url());
echo $this-&gt;form;
</pre>


        <p class="para">
            There you have it. With these basics you can expand the general concepts to include
            more complex authentication scenarios. For more information on other
            <span class="classname">Zend_Auth</span> adapters, have a look in
            <a href="zend.auth.html" class="link">the reference guide</a>.
        </p>
    </div>
</div>
        <hr />

            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="learning.multiuser.sessions.html">Managing User Sessions In ZF</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="learning.multiuser.html">Iniciando com o Zend_Session, Zend_Auth, e Zend_Acl</a></span><br />
                        <span class="home"><a href="manual.html">Guia de Refer&ecirc;ncia do Programador</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="learning.multiuser.authorization.html">Building an Authorization System in Zend Framework</a></div>
                    </td>
                </tr>
            </table>
</td>
        <td style="font-size: smaller;" width="15%"> <style type="text/css">
#leftbar {
	float: left;
	width: 186px;
	padding: 5px;
	font-size: smaller;
}
ul.toc {
	margin: 0px 5px 5px 5px;
	padding: 0px;
}
ul.toc li {
	font-size: 85%;
	margin: 1px 0 1px 1px;
	padding: 1px 0 1px 11px;
	list-style-type: none;
	background-repeat: no-repeat;
	background-position: center left;
}
ul.toc li.header {
	font-size: 115%;
	padding: 5px 0px 5px 11px;
	border-bottom: 1px solid #cccccc;
	margin-bottom: 5px;
}
ul.toc li.active {
	font-weight: bold;
}
ul.toc li a {
	text-decoration: none;
}
ul.toc li a:hover {
	text-decoration: underline;
}
</style>
 <ul class="toc">
  <li class="header home"><a href="manual.html">Guia de Refer&ecirc;ncia do Programador</a></li>
  <li class="header up"><a href="manual.html">Guia de Refer&ecirc;ncia do Programador</a></li>
  <li class="header up"><a href="learning.html">Conhecendo o Zend Framework</a></li>
  <li class="header up"><a href="learning.multiuser.html">Iniciando com o Zend_Session, Zend_Auth, e Zend_Acl</a></li>
  <li><a href="learning.multiuser.intro.html">Building Multi-User Applications With Zend Framework</a></li>
  <li><a href="learning.multiuser.sessions.html">Managing User Sessions In ZF</a></li>
  <li class="active"><a href="learning.multiuser.authentication.html">Authenticating Users in Zend Framework</a></li>
  <li><a href="learning.multiuser.authorization.html">Building an Authorization System in Zend Framework</a></li>
 </ul>
 </td>
    </tr>
</table>

<script type="text/javascript" src="../js/shCore.js"></script>
<script type="text/javascript" src="../js/shAutoloader.js"></script>
<script type="text/javascript" src="../js/main.js"></script>

</body>
</html>